Correlation-based detection of exploit activity
US10243972B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 11, 2016 |
| Grant date | Mar 26, 2019 |
| Priority date | — |
| Expiry date | Aug 21, 2036 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04W12/122
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A security agent implemented on a monitored computing device is described herein. The security agent is configured to receive an event notification indicative of execution of an object and store, in a data structure on the monitored computing device, information associated with the event notification and the object. The security agent is further configured to receive an event notification indicative of an occurrence on the monitored computing device of an activity. Based at least in part on the stored information, the security agent correlates the occurrence of the activity with the execution of the object and generates an exploit detection event based on the correlating.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.